(RADIATOR) shared secret and CHAP (revisited)

Hugh Irvine hugh at open.com.au
Mon Dec 6 15:40:15 CST 2004


Hello Tariq -

Unfortunately Radiator has no way of knowing whether the shared secret 
is correct or not.

regards

Hugh


On 6 Dec 2004, at 22:39, Tariq Rashid wrote:

>
> Hi all,
>
> I'm seeing some behaviour which I was surprised by. I saw that when using
> CHAP, the shared secret doesn't have to match. As long as the username and
> the associated password match, an Access-Accept is issued.
>
> This has been discussed before:
> http://www.open.com.au/archives/radiator/2003-04/msg00114.html
>
> However, I wonder if current Radiators (I'm still using 3.3 and 3.8 and
> nothing newer yet) are modified to fix this? I know that according to the
> protocol, this is not incorrect behaviour!
>
> Any thoughts regarding that layer of security would be appreciated! It is
> useful to drop connections and not reply to those NASes which don't have the
> correct shared secret. This saves server resources and also doesn't credit
> any intruders with a response.
>
> (I also noticed that Radiator will reply to auth and acct requests to acct
> and auth ports respectively - but this seems to be documented!)
>
> Tariq
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive 
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

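Why the server can notice a wrong secret on a PAP request but not on a CHAP one, as an added Python sketch (not Radiator's code; the secrets, password and challenge are constructed sample values):

```python
import hashlib
import hmac

# Constructed sample values for this demonstration (not from the list post).
CHALLENGE = bytes(range(16))        # CHAP-Challenge; reused as Request Authenticator below
USER_PASSWORD = b"tariq-pw"         # password the server has on file for the user
SERVER_SECRET = b"correct-secret"   # shared secret in the server's Client clause
NAS_SECRET = b"wrong-secret"        # a misconfigured NAS uses a different one


def chap_verify(chap_password: bytes, challenge: bytes, stored_password: bytes) -> bool:
    """Server-side check of CHAP-Password (RFC 1994, RFC 2865 s.5.3).
    Expected value is MD5(CHAP-Ident || password || challenge): the RADIUS
    shared secret is not an input, so the server cannot tell it was wrong."""
    ident, received = chap_password[:1], chap_password[1:]
    expected = hashlib.md5(ident + stored_password + challenge).digest()
    return hmac.compare_digest(received, expected)


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side of RFC 2865 s.5.2 User-Password hiding: each 16-byte block is
    XORed with MD5(secret || previous block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side of the same transform; a wrong secret yields garbage, not the password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def demo(nas_secret: bytes = NAS_SECRET) -> dict:
    """Outcome of a CHAP and a PAP Access-Request from a NAS using nas_secret."""
    chap_pw = b"\x01" + hashlib.md5(b"\x01" + USER_PASSWORD + CHALLENGE).digest()
    pap_pw = pap_hide(USER_PASSWORD, nas_secret, CHALLENGE)
    return {
        "chap_accept": chap_verify(chap_pw, CHALLENGE, USER_PASSWORD),
        "pap_accept": hmac.compare_digest(
            pap_reveal(pap_pw, SERVER_SECRET, CHALLENGE), USER_PASSWORD),
    }
```

The NAS still discards the resulting Access-Accept, because the Response Authenticator in the reply is MD5 over the reply plus the secret (RFC 2865 s.3); the server just never learns that this happened.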